153 matches found
GHSA-2JXH-3CX8-XW65 Apache Geronimo console 1.0 vulnerable to cross-site scripting
Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contai...
Unbreakable Enterprise kernel security update
4.14.35-2047.512.6 - Revert 'rds/ib: recover rds connection from stuck rx path' Rohit Nair Orabug: 34039271 - uek-rpm: update kABI lists for new symbols Saeed Mirzamohammadi Orabug: 33993774 4.14.35-2047.512.5 - netfilter: nftables: initialize registers in nftdochain Pablo Neira Ayuso Orabug:...
GSD-2022-1000197 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
drm/msm/dsi: invalid parameter check in msmdsiphyenable This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.96 by commit...
GSD-2022-1000128 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
drm/msm/dsi: invalid parameter check in msmdsiphyenable This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.228 by commit...
GSD-2022-1000103 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
drm/msm/dsi: invalid parameter check in msmdsiphyenable This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.265 by commit...
Schneider Electric Modicon Controllers Uncaught Exception (CVE-2018-7852)
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus. This plugin only works with Tenable.ot...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. PoC js let sqlite3 = require'sqlite3'.verbose; let db = new...
CVE-2021-23852
CVE-2021-23852 concerns Bosch IP cameras. An authenticated administrator could call a URL with an invalid parameter, causing the camera to become unresponsive for a few seconds and trigger DoS. The vulnerability is documented across multiple sources (NVD entry, CNVD, CVE listing). No exploitation...
TerraMaster TOS Dynamic Class Method Invocation Vulnerability
TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A dynamic class method call vulnerability exists in include/exportUser.php in TerraMaster TOS versions prior to 4.1.29. The vulnerability stems from invalid parameter checking. An attacker can...
Code injection
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter...
CVE-2020-5779
A flaw in Trading Technologies Messaging 7.1.28.3 ttmd.exe relates to invalid parameter handling when calling strcpys with an invalid parameter i.e., a long src string parameter as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe...
Design/Logic Flaw
A flaw in Trading Technologies Messaging 7.1.28.3 ttmd.exe relates to invalid parameter handling when calling strcpys with an invalid parameter i.e., a long src string parameter as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe...
CVE-2020-5779
A flaw in Trading Technologies Messaging 7.1.28.3 ttmd.exe relates to invalid parameter handling when calling strcpys with an invalid parameter i.e., a long src string parameter as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe...
ansible: sub parameters marked as no_log are not masked in certain failure scenarios
A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...
ansible: sub parameters marked as no_log are not masked in certain failure scenarios
A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...
ansible: sub parameters marked as no_log are not masked in certain failure scenarios
A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...
ansible: sub parameters marked as no_log are not masked in certain failure scenarios
A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...
ansible: sub parameters marked as no_log are not masked in certain failure scenarios
A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...
ALPINE-CVE-2019-14858
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...
DEBIAN-CVE-2019-14858
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...